CVE-2024-4886

Severity: 4.3 MEDIUM
EPSS: 0.2% (top 63.34%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 5
Latest update: Sep 18

Description

The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5: unknown/buddyboss-platform < 2.6.0

Vulnerability Details (2)

GHSA
GHSA-27r3-85x4-pfqv: The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request (2024-06-05)

CVEList
BuddyBoss Platform < 2.6.0 - Subscriber+ Comment on Private Post via IDOR (2024-06-05)

Vendor Advisories (1)

Red Hat
kernel: PCI: Add missing bridge lock to pci_bus_lock() (2024-09-18)
CVE-2024-4886 (MEDIUM CVSS 4.3) | The contains an IDOR vulnerability | cvebase.io